We can make a version of Kerplapp for the Google Play Store that includes the ability to download an F-Droid.apk and then check the hash against an included sha256. Then it could download it from multiple sources, and still be able to verify it. CiaranG said they can give us a static URL to a specific version of F-Droid for this. We can probably also rely on the APK being in the archive repo, i.e. https://f-droid.org/archive/org.fdroid.fdroid_45.apk